enterprise-support team mailing list archive
-
enterprise-support team
-
Mailing list archive
-
Message #02349
[Question #217931]: SMB2: Windows 7 users without passwd cannot connect
New question #217931 on samba in Ubuntu:
https://answers.launchpad.net/ubuntu/+source/samba/+question/217931
Server (TESTBAK) configuration:
Ubuntu 12.10 minimal CD install
samba package version 2:3.6.6-3ubuntu5
minimalistic smb.conf contains:
[global]
workgroup = THUISNET
null paswords = yes
max protocol = SMB2
log level = 3
[Testshare]
comment = Quite volatile
path = /tmp/
Client (INTREPID, 10.39.94.9) configuration:
Windows 7 Professional 64 bit
Attempt from user RuudTrudy to browse TESTBAK fails.
/var/log/samba/log.smbd contains:
[2012/12/30 13:41:20.574134, 3] lib/access.c:338(allow_access)
Allowed connection from 10.39.94.9 (10.39.94.9)
[2012/12/30 13:41:20.574341, 3] smbd/oplock.c:922(init_oplocks)
init_oplocks: initializing messages.
[2012/12/30 13:41:20.574452, 3] smbd/oplock_linux.c:226(linux_init_kernel_oplocks)
Linux kernel oplocks enabled
[2012/12/30 13:41:20.574644, 3] smbd/process.c:1662(process_smb)
Transaction 0 of length 108 (0 toread)
[2012/12/30 13:41:20.576672, 3] ../libcli/auth/ntlmssp.c:34(debug_ntlmssp_flags)
Got NTLMSSP neg_flags=0xe2088297
[2012/12/30 13:41:20.577432, 3] ../libcli/auth/ntlmssp_server.c:348(ntlmssp_server_preauth)
Got user=[RuudTrudy] domain=[Intrepid] workstation=[INTREPID] len1=24 len2=256
[2012/12/30 13:41:20.577597, 3] auth/auth.c:219(check_ntlm_password)
check_ntlm_password: Checking password for unmapped user [Intrepid]\[RuudTrudy]@[INTREPID] with the new password interface
[2012/12/30 13:41:20.577661, 3] auth/auth.c:222(check_ntlm_password)
check_ntlm_password: mapped user is: [TESTBAK]\[RuudTrudy]@[INTREPID]
[2012/12/30 13:41:20.578230, 3] passdb/lookup_sid.c:1754(get_primary_group_sid)
Forcing Primary Group to 'Domain Users' for RuudTrudy
[2012/12/30 13:41:20.578411, 3] auth/check_samsec.c:56(sam_password_ok)
Account for user 'RuudTrudy' has no password and null passwords are allowed.
[2012/12/30 13:41:20.578761, 3] auth/auth.c:268(check_ntlm_password)
check_ntlm_password: sam authentication for user [RuudTrudy] succeeded
[2012/12/30 13:41:20.578853, 2] auth/auth.c:309(check_ntlm_password)
check_ntlm_password: authentication for user [RuudTrudy] -> [RuudTrudy] -> [RuudTrudy] succeeded
[2012/12/30 13:41:20.579028, 3] auth/token_util.c:438(finalize_local_nt_token)
Failed to fetch domain sid for THUISNET
[2012/12/30 13:41:20.579166, 3] auth/token_util.c:469(finalize_local_nt_token)
Failed to fetch domain sid for THUISNET
[2012/12/30 13:41:20.580167, 3] smbd/password.c:238(register_homes_share)
Adding homes service for user 'RuudTrudy' using home directory: '/home/RuudTrudy'
[2012/12/30 13:41:20.580342, 2] smbd/smb2_signing.c:58(smb2_signing_sign_pdu)
Wrong session key length 0 for SMB2 signing
[2012/12/30 13:41:20.580598, 3] smbd/server_exit.c:181(exit_server_common)
Server exit (NT_STATUS_ACCESS_DENIED)
Wireshark shows that smbd bluntly closes the connection at this point, leaving the client clueless...
Same user on Windows XP client can connect (but that client does not use SMB2).
Removing max protocol = SMB2 obviously resolves the issue.
So my question:
Does SMB2 protocol prohibit users with empty passwords?
Regards,
Ruud Pendavingh
--
You received this question notification because you are a member of
Ubuntu Server/Client Support Team, which is an answer contact for samba
in Ubuntu.
